3

I have an Apache Http Client which needs to connect to a server which requires TLS 1.2, but right now this client is running on jdk 1.6 and an upgrade is not possible at this time. So I opted for Bouncy Castle. I set it up on my Mac as shown in this post.

Here is my code which uses a SSLContextBuilder...

import org.apache.http.ssl.SSLContextBuilder;

 SSLContextBuilder sslContextBuilder = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() {
  public boolean isTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
    return true;
  }
});

 // set SSL context builder to use TLSv1 protocoil
 sslContextBuilder = sslContextBuilder.useProtocol("TLSv1.1");

But at the last line here I get this exception...

   Caught: java.security.NoSuchAlgorithmException: TLSv1.1 SSLContext not available
java.security.NoSuchAlgorithmException: TLSv1.1 SSLContext not available
at org.apache.http.ssl.SSLContextBuilder.build(SSLContextBuilder.java:271)

Looks like that SSLContextBuilder is not seeing my BouncyCastle. Or is my BouncyCastle not supporting TLS 1.1? If I change it to "TLSv1" then it works.

Or is there a better way to do this (hooking up my apache httpclient to bouncycastle so my java 6 program can connect to a tlsv1.2 server)?

Community
  • 1
  • 1
AbuMariam
  • 3,282
  • 13
  • 49
  • 82

1 Answers1

1

BouncyCastle is only a JCE provider (providing cryptographic algorithms) and not a JSSE provider (providing SSL and TLS through SSLSocket, SSLSocketFactory, etc). By adding BouncyCastle as security provider you only register BouncyCastle's JCE provider. Some more info here.

Since Apache HttpClient also uses JSSE you cannot plug BouncyCastle's TLS implementation either. You could maybe extend Java's JSSE classes leveraging BouncyCastle's TLS implementation, but this will take some effort.

If you want to use BouncyCastle's TLS implementation you can find an example in this thread.

dudel
  • 684
  • 5
  • 15